From: Tom Hughes <tom@compton.nu>
Date: Tue, 29 Sep 2020 13:22:51 +0000 (+0100)
Subject: Invalidate existing sessions when changing email or password
X-Git-Tag: live~3311
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/7db541d697436a4ff24f6f5a6bb2c0ecc9b8a9e6?hp=7db541d697436a4ff24f6f5a6bb2c0ecc9b8a9e6

Invalidate existing sessions when changing email or password

As we don't have any way to actually find the active sessions for
an account we instead store a fingerprint in the session, and refuse
to use any session with a different fingerprint.
---